In the case of cellular telephone networks, a standard operating model has evolved over the years to enable users to roam outside of the home domain to which they subscribe, into so-called visited domains. This model allows users to roam in visited (e.g. foreign) domains whilst ensuring that the visited domain operators can recover incurred costs from the home domain. At the same time, the home domain operator can trust the visited domain operators to recharge only costs that are actually incurred. A key component of this model is a mechanism for allowing a visited domain to authenticate a user as a subscriber of the home domain. The visited domain needs assistance from the home domain to implement this mechanism. The typical approach is to provide within the home domain an “authentication server” which maintains long-term authentication credentials for a user and is the “root of trust” for the user. An “authenticator” is provided within the visited domain and performs the actual authentication by communication with the authentication server and the user (or “client”).
3GPP TS 33.102 describes a security architecture for the Universal Mobile Telecommunications Service (UMTS) networks which is, as far as possible, compatible with the pre-existing GSM networks. TS 33.102 considers in particular the Authentication and Key Agreement (AKA) security protocol which is a mechanism for performing authentication and session key distribution. AKA is a challenge-response based mechanism that uses symmetric cryptography. Within a client terminal, AKA is typically run in a UMTS Subscriber Identity Module (USIM) which resides on a smart card like device. The smart card possesses a secret K which is also known to an Authentication Centre (AuC) located within the user's home domain. When a user attempts to register with a visited domain, the AKA mechanism is run between the client terminal and the visited domain, involving the home domain as a “back-end”. This process involves the visited domain being provided, by the home network, with an authentication vector comprising a challenge and an expected result. The challenge is forwarded by the visited domain to the client terminal, which generates a challenge response (within the USIM) and returns this to the visited domain. If the challenge response matches the expected result, the visited domain authorises the client terminal to use its access services. AKA also allows the client terminal to verify that its home domain has indeed been involved in the signalling process, which in turn allows the terminal to authenticate the visited domain.
The AKA authentication vector is good for only one access attempt by the client. If the client terminal subsequently deregisters from the visited domain (e.g. the terminal is powered down), a new authentication vector is required for any further registration. TS 33.102 allows for the home domain to provide to the visited domain a set of authentication vectors at first registration, enabling the visited domain to perform multiple authentications for a given client terminal without having to contact the home domain for each individual registration.
Authentication in 2G networks is handled using a challenge and response approach similar to AKA.
The 2G and 3G approaches to security enable (local) mobility and hand-overs since the home domain does not need to be involved in sub-sequent re-authentications. For example, in the case of a terminal transferring to a 2G access from a 3G access (where both accesses belong to the same operator), a user can be implicitly authenticated/authorised in the new access by reuse of the previously used session keys. However, delegating responsibility for authentication to the visited network may not always be satisfactory for the home domain, as the home domain must “blindly” trust that the visited domain is not making a false claim about the client's presence in the visited domain, or that the client is receiving the paid for services, etc. Whilst this trust model has worked well for established network operators, it may not apply to future network configurations as will be discussed below.
In the case of the Internet, the IETF has created under the heading Authentication, Authorization, and Accounting (AAA), a set of protocols for achieving authentication of a user within a visited domain. The currently implemented protocols include RADIUS and DIAMETER. A typical Internet scenario might involve a user attempting to use a WLAN hotspot (located for example in an Internet café or airport terminal) as an access network, when the user is a subscriber of an Internet Service Provider (ISP) broadband network. In the IETF model, authentication is done in the home domain, i.e. the authenticator and authentication server are both in the home domain. While this may be satisfactory to the home domain, it leads to sub-optimal performance due to the signalling overhead and impairs smooth hand-over/mobility within the visited domain.
It is noted that where the access domain is a wireless network, a wireless terminal may communicate with a AAA client/authenticator within the access domain, with the AAA client communicating with a AAA server in the home domain. End-to-end authentication signalling may be conveyed using the Extensible Authentication Protocol (EAP) which is an authentication framework rather than an actual authentication method. One of the roles of EAP is to implement an authentication method between endpoints. The EAP-AKA method is one example of such an authentication method. In this approach therefore, AKA data will be contained within EAP messages which are in turn contained within DIAMETER messages (for the AAA client to AAA server leg). [UMTS AKA as described above is a 3GPP-specific protocol which does not use AAA and EAP frameworks and should not be confused with EAP-AKA, although of course the actual AKA mechanism is common to both.]
This current protocol “architecture” is illustrated in FIG. 1, where the wireless access network is a 802.11 (WLAN) network and the AKA endpoint is in the home domain. The AAA client/authenticator within the wireless network understands the EAP signalling, and converts EAP in the AAA signalling to EAP over LAN. The AAA client/authenticator is transparent to AKA. It is noted that one or more AAA proxies may be present between the visited and home networks.
Communication standards are evolving to provide for the integration of different heterogeneous access domains into one single logical network. This will result in 3GPP-based access domains (e.g. GPRS, UMTS, LTE) and non-3GPP based access domains (e.g. Wimax, WLAN, Fixed-Line broadband, etc) merging to form one logical network (see for example 3GPP 3GPP TR 23.882). A home domain will likely ustilise AAA (e.g. DIAMETER) and EAP, and multiple EAP-methods (such as EAP AKA, EAP SIM, EAP TLS, etc) to communicate with the different access domains and terminals. It is however inevitable that a given home domain will place different levels of trust on different access domains. For example, a high level of trust might be placed on a 3G access domain, whilst a very low level of trust may be placed on an Internet café WLAN.